1. Who are we?

• Name: HUMAN AFTER ALL SRL ("we", "our")
• Registered seat: rue Edouard Fiers 26, 1030 Brussels
• Company number: BE 0687.517.885
• Details of our contact person for all questions relating to data protection: Ms. Amélie Beerens, hello@ameliebeerens.com  

     2. Who are the people involved?
     2.1. We process personal data relating to:

• Our clients and their representatives;
• representatives of our suppliers;
• Candidates for employment with us; 
• visitors to our website and workplaces; and 
• Other data subjects ("data subjects", "you", "your").

     2.2. This privacy policy (the "Policy") applies to any processing of your personal data by us.

     3. What is our commitment to data protection?
We are committed to using our best efforts to make our personal data processing activities compliant with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR") and the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, as amended, supplemented or replaced from time to time (the "Applicable Data Protection Legislation").

     4. For what purposes do we process your personal data?
     4.1. If you are our customer or his/her representative or one of our suppliers, we process :

• your personal identification data, your professional identification data and your contact data for the activation, management and maintenance of our commercial relationship;
• your personal identification data and your professional identification data to enable us to organise billing;
• if applicable, your bank details to verify payment of invoices;
• where applicable, your personal identification data, your business identification data and your contact data for the purpose of sending communications for direct marketing purposes.

     4.2. If you apply for a job with us, we process your personal identification data, your professional identification data, your contact data, data relating to your professional life (skills, qualifications, experience, etc.) and personal data contained in your curriculum vitae or in any other medium (online form made available to you) in order to respond to our job offer, in order to assess your profile in relation to our recruitment needs. curriculum vitae or any other medium (online form made available to you) in order to respond to our job advertisement and to assess your profile in relation to our recruitment needs.
     4.3. If you visit our website, we may process electronic identification data about you in aggregate form to measure the frequency of visits to our website, to improve the browsing experience and to detect and prevent fraud and computer security breaches. website, to improve the browsing experience and for the detection and prevention of fraud and computer security breaches. 
     4.4. If our workplaces are equipped with surveillance cameras, we may request access to images of you only where such access is necessary to pursue our legitimate interest in detecting crime or disorder and to the extent permitted by applicable law.
     4.5. We may also process some of your personal data for the following purposes

• Conducting internal and external audits;
• to manage disputes and where the processing is necessary for the establishment, exercise or defense of legal claims.

     5. In what capacity do we process your personal data?
We process your personal data in our capacity as data controller. In this context, we determine the purposes and means of processing your personal data.
     6. On what basis do we process your personal data?
     6.1. The provision of your personal data may be necessary : 

• the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at your request (e.g. in the case of a request to provide a service proposal);
• compliance with an applicable legal requirement applicable to us (e.g. accounting, tax, etc.);
• the pursuit of our legitimate interests provided that these interests prevail over your fundamental rights and freedoms.

     6.2. We ask for your prior, free and informed consent before processing any of your personal data (for example, whenever the processing of your data involves a transfer of your image rights).
     6.3. The provision of some of your personal data (e.g. your personal identification data, etc.) is essential to our ability to provide our service or perform our activities. The possible consequences of not providing your personal data could include our inability to provide our service or perform our activities or a breach by us of one or more obligations under applicable laws (for example, accounting and tax laws).

     7. Where does your personal data come from?
     7.1. The personal data we process comes from the following sources:

• directly from you, for example when we first contact you or when you fill in a form on our website;
• from publicly available information (on the internet), for example when we check the profile of applicants for a job with us.

     8. Who has access to your personal data?
     8.1. The following recipients may receive or have access to some of your personal data (only if necessary for the performance of their duties):

• our staff members in charge of commercial and administrative follow-up have access to the personal identification data, professional identification data and contact data of our website and social network users, our customers and our customers' representatives;
• Members of our supplier monitoring team have access to the personal identification data, professional identification data and contact data of our suppliers' representatives; 
• Our legal advisors and lawyers have access to certain personal data of data subjects in the context of restructuring our business or litigation.

     8.2. We may entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.

     9. How do we manage our subcontractors?
    9.1. We take appropriate steps to ensure that our processors process your personal data in accordance with the Applicable Data Protection Legislation, where applicable.
     9.2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorisation, to take adequate technical and organisational measures to ensure the security of personal data, to ensure that persons authorised to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process at the end of their services, to comply with audits and to provide us with assistance in following up on data subjects' requests to exercise their rights in relation to their personal data.

     10. What are the applicable retention periods?
     10.1. We ensure that your personal data is kept for no longer than is necessary for the purposes for which it is processed.
     10.2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years from the date of issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain business identification data and certain contact data.
     10.3. We also use the following criteria to determine the length of time we keep personal data depending on the context and purposes of each processing operation:

• the date of our last contact;
• security reasons (e.g. the security of our information systems);
• any actual or potential dispute or litigation with a data subject;
• any legal obligation to retain or erase personal data (for example, a retention obligation imposed by accounting or tax law). 

     11. What are your rights?
    11.1. Subject to the Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, a right to object to or restrict the processing of your personal data, a right to portability of personal data and a right to withdraw your consent.
     11.2. Any request concerning your rights in relation to your personal data should be addressed to our contact person at the above address. 
     11.3. We may retain your personal data for certain purposes where required or permitted by law. 

     12. What level of security do we provide?
    12.1. We take appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with processing your personal data. 
     12.2. We follow industry best practice to ensure that personal data is not accidentally or unlawfully destroyed, lost, altered, disclosed or accessed in an unauthorised manner.

     13. Do you have any questions or complaints?
     13.1. If you have any questions or complaints about the way we process your personal data, please address them in advance to our data protection contact person using the contact details listed in the Policy.
     13.2. You have the right to lodge a complaint with the competent supervisory authority. The competent authority for Belgium is the Data Protection Authority, rue de la Presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be.

      14. Anything else?
     14.1. We reserve the right to update the Policy from time to time. We will notify you of any changes we make to the Policy, including through our website. 
    14.2. In the event of a conflict or inconsistency between a provision of the Policy and a provision of another policy or document relating to the processing of personal data, the provision of the Policy shall prevail.